Prompt Injection in Gorilla Mux with Basic Auth

Gorilla Mux is a widely used HTTP router for Go that enables powerful pattern-based routing. When Basic Auth is used as a lightweight protection for routes, developers may assume that path-based access control is sufficient. However, combining Gorilla Mux with Basic Auth does not prevent an unauthenticated attacker from reaching the handler if the middleware is misconfigured or omitted, and it does nothing to protect the handler itself once invoked.

Prompt Injection becomes relevant when the handler downstream of Gorilla Mux forwards user-influenced input to an LLM endpoint. Even when Basic Auth guards the route, an attacker who bypasses or ignores authentication can supply crafted query parameters, headers, or body content that are concatenated into system or user prompts. Because Basic Auth only addresses identity verification at the router layer and does not sanitize or validate input, malformed or malicious strings can reach the LLM call, enabling system prompt leakage, instruction override, or data exfiltration probes.

Consider a route defined with Gorilla Mux where a username path variable is used to personalize a conversation with an LLM. If the handler directly interpolates the variable into the prompt without validation or escaping, an attacker can inject additional prompt segments by supplying values such as /chat/admin followed by crafted suffixes. The Basic Auth layer may reject unauthorized users at the router, but once access is granted, the handler’s unchecked use of input creates a clear injection path. This is especially dangerous when the same route is exposed in an unauthenticated attack surface scan, allowing an attacker to probe for LLM-specific behaviors such as system prompt leakage or cost exploitation.

In an automated scan, the tool tests multiple vectors including query parameters, headers, and path segments that flow through the Gorilla Mux router into the handler. If the handler constructs LLM requests by naively concatenating user data, the scan can detect missing input validation and insufficient prompt segregation. Because Basic Auth does not alter the content of requests, it cannot mitigate prompt injection; the vulnerability resides in how the handler builds and sends prompts to the LLM, not in the routing or authentication mechanism alone.

To reduce risk, handlers must treat all input as untrusted, apply strict allowlists, and isolate user data from system instructions before sending them to the LLM. Scanning with a tool that includes active LLM security probing, such as the checks for prompt injection and system leakage, helps identify whether Gorilla Mux routes protected by Basic Auth still expose dangerous concatenation patterns in downstream handlers.

Proper remediation requires both correct Basic Auth usage and strict input handling around LLM prompts. Below are two concrete patterns for Gorilla Mux that demonstrate secure routing and handler design.

1. Secured route with Basic Auth middleware and validated LLM input

This example shows a Gorilla Mux route with Basic Auth middleware that validates credentials before the handler runs. The handler then extracts a path variable, applies strict validation, and ensures user input is never directly embedded in the system prompt.

package main

import (
    "fmt"
    "net/http"
    "regexp"
    "strings"

    "github.com/gorilla/mux"
    "golang.org/x/crypto/bcrypt"
)

// validateUser performs constant-time check against a hardcoded user for example purposes.
func validateUser(username, password string) bool {
    // In production, use a secure store and constant-time comparison.
    storedHash := "$2a$10$abc123..." // bcrypt hash of the expected password
    return bcrypt.CompareHashAndPassword([]byte(storedHash), []byte(password)) == nil
}

// basicAuth is a simple Basic Auth middleware for Gorilla Mux.
func basicAuth(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        user, pass, ok := r.BasicAuth()
        if !ok || !validateUser(user, pass) {
            w.Header().Set("WWW-Authenticate", `Basic realm="restricted"`)
            http.Error(w, "Unauthorized", http.StatusUnauthorized)
            return
        }
        next.ServeHTTP(w, r)
    })
}

// sanitizeInput allows only alphanumeric, hyphen, and underscore.
var safeUsername = regexp.MustCompile(`^[A-Za-z0-9_-]+$`).MatchString

func llmHandler(w http.ResponseWriter, r *http.Request) {
    vars := mux.Vars(r)
    username := vars["username"]
    if !safeUsername(username) {
        http.Error(w, "Invalid username", http.StatusBadRequest)
        return
    }

    // Construct prompt with clear separation: system instructions are static,
    // user input is treated as a separate turn, never merged into the system role.
    systemPrompt := "You are a helpful assistant. Do not reveal internal logic."
    userMessage := fmt.Sprintf("User asked about: %s", username)

    // Here you would call your LLM client, passing systemPrompt and userMessage as separate roles.
    // Example omitted to avoid external dependencies.
    fmt.Fprintf(w, "Prepared prompt for user: %s", username)
}

func main() {
    r := mux.NewRouter()
    r.HandleFunc("/chat/{username}", llmHandler).Methods("GET")
    http.ListenAndServe(":8080", basicAuth(r))
}

2. Handler with explicit input validation and escaped user data

This pattern emphasizes strict allowlisting and avoiding concatenation that could blur system and user roles. It also demonstrates how to reject suspicious characters that could facilitate prompt injection.

func chatHandler(w http.ResponseWriter, r *http.Request) {
    vars := mux.Vars(r)
    username := vars["username"]

    // Allow only a narrow safe character set.
    if !safeUsername(username) {
        http.Error(w, "Invalid input", http.StatusBadRequest)
        return
    }

    // Never include user input in the system prompt.
    systemPrompt := "You are a support bot. Answer concisely."
    userPrompt := "Help with " + username

    // Send to LLM with distinct roles; do not concatenate into a single string.
    // client.Chat(context.Background(), systemPrompt, userPrompt)
    w.Write([]byte("Input validated"))
}

These examples show that Basic Auth in Gorilla Mux secures entry points but does not prevent prompt injection. Defend the handler by validating input, separating user content from system instructions, and scanning routes to ensure no unprotected endpoints expose LLM interactions.